Bleeping Computer

New zero-day exploit for Log4j Java library is an enterprise nightmare

Proof-of-concept exploits for a critical zero-day vulnerability in the ubiquitous Apache Log4j Java-based logging library are currently being shared online, exposing home users and enterprises alike ...
ZDNet

Log4j: How hackers are using the flaw to deliver this new 'modular' backdoor

Iran-backed hacking group Phosphorous or APT35 is using the Log4j vulnerability to distribute a new modular PowerShell toolkit, according to security firm Check Point. APT35 is one of several ...
CRN

Log4j Exploit Is ‘A Fukushima Moment’ For Cybersecurity: Tenable CTO

‘We’re discovering new apps every minute which use Log4j in one way or another. It affects not only the code you build, but also the third-party systems you have in place,’ writes Tenable CTO Renaud ...
ZDNet

Log4j flaw: Now state-backed hackers are using bug as part of attacks, warns Microsoft

State-sponsored hackers from China, Iran, North Korea and Turkey have started testing, exploiting and using the Log4j bug to deploy malware, including ransomware, according to Microsoft. As predicted ...
Dark Reading

'Proxyjacking' Cybercriminals Exploit Log4j in Emerging, Lucrative Cloud Attacks

Threat actors have found a lucrative new attack vector that hijacks legitimate proxyware services, which allow people to sell portions of their Internet bandwidth to third parties. In large-scale ...
Dark Reading

40% of Corporate Networks Targeted by Attackers Seeking to Exploit Log4j

Early concerns about the Log4j vulnerability posing one of the biggest threats to Internet security in recent memory are quickly being confirmed with exploits and exploit activity targeting the flaw ...